there is only one somewhat successful app for securing your message and it is called legislation
Nope.
1. Legislation is not an app. Calling it an app isn't helpful.
2. Legislation would not help: the government is the one doing the spying, remember?
3. Crypto already exists. Off The Record already exists. The problem is getting people to use secure means of communication.
without legislation and treaties they will hack you hardware and pry before you can begin to secure it
A legitimate concern, but that's a technical challenge, not a game-over.
launch man in the middle attacks
That's what proper crypto is for.
hack you software via updates and corrupt compliant software licensor's
Proprietary software vendors in particular. This stuff doesn't seem to happen as much in FOSS, but yes, it is a concern.
and if all that fails, grab you off the street and enhanced interrogation the information out of you or kill you in the process via 'er' natural causes.
No, they won't do this en-masse, as it's a lot of work. Also, even if they do, you'll at least know they really are spying on you individually, which is worth something. This is comparable to laws which require you to hand over crypto keys if asked: yes, they might get to spy on you, but you'll know.
Also, claiming the government is likely to start summarily executing people who use crypto just makes you look silly. No hyperbole is necessary here.
The two actually have very little to do with each other.
They have in common all that matters for the point being made, which is that it's surprising that unpaid, unorganised contributors can make something worthwhile, even in the face of vandals/trolls, and on a limited budget.
As an example: the LLVM project coding standards forbid use of exceptions or RTTI, on the grounds that they cause global performance harm, even if you don't use them. (Whether this is still true of exceptions, I'm not entirely sure.)
Templates can be tremendously useful, but their reputation for binary code-bloat isn't undeserved. Careless use of templates can cause vast amounts of machine-code to be generated. That said, even speed- and size-sensitive applications may find they have a place.
Not really. Which data-structures are immediately available in a language, does matter. Ruby has associative arrays as part of the language, and they're used for all sorts of things despite that traditional arrays would be more efficient. Ruby doesn't care much about efficiency.
On the other hand, up until quite recently the C++ standard-library didn't include a hash-map, so a busy developer might be tempted to just use an array and a linear-scan; that's easier than setting up Google's sparsehash library.
I've never seen this occur myself, but yes, maintaining cyclic data-structures is harder in C/C++ than in GC'ed environments.
shared_ptr, and its related smart ptrs, are generally adequate for fully automatic memory-management, though. Cycles are quite rare in my experience, but of course they do happen.
There's a related point to be made about how it can be difficult to do the algorithmically 'right thing'. Until C++11, you had to use external libraries for hash-maps. What I should've said is that C and C++ are generally quite good at making it clear where something inefficient or expensive is being done, unlike many high-level languages where one creates short-lived intermediate data-structures without even thinking, involving lots of avoidable copies.
Yep, C strings, and strlen, are pretty nasty. Fair point. C does at least make it fairly clear that there's work being done to find the length of a string. (Unlike in, say, Ruby, in which iirc a zero-argument method invocation has the same syntax as member-access.)
C/C++ certainly let you shoot yourself in the foot regarding correctness, but they generally don't make it easy to shoot yourself in the foot regarding performance. (C++ templates, exceptions, and RTTI being exceptions.)
And the fact idiots still use those languages in areas where performance isn't an absolute priority is simple idiocy.
Other legitimate reasons include legacy codebase, existence of useful libraries accessible from only these languages, extreme practical portability (yes you can technically run C# on Android, or Java on iPhone, but it takes proprietary external tools), etc.
Off The Record works even if you never compare device fingerprints, but of course you then have no assurance that you're not being man-in-the-middle'd. (You could detect a man-in-the-middle at a later point if you later compare fingerprints, though.)
If I transfer a file over a direct ethernet/cat5e connection, between two devices which happen to also be connected to the Internet, I presume that doesn't count as taxable data-transfer.
But it would be taxed if I sent it over the Internet, even if the data never went further than the ISP.
What if we create large mesh-networks, such that commercial ISPs are only necessary for connecting meshes? As the meshes grow, the amount of tax to be paid tends toward zero.
Privacy is not a basic human need. We used to live in caves and huddle together for warmth. There's no privacy there.
Even if that were true, it wouldn't matter. We evolved for life in small tribes, and now live in huge societies. Group dynamics change as scale increases.
Stop judging everyone and then privacy wouldn't matter.
Indeed. In a perfect world where all people are angels, there would be rather less need for privacy.
I might just be rephrasing what WarJolt already said, but: it's not a contradiction.
It's just a lie.
A 'cloud' is a big pile of servers leased out to users. A private cloud therefore should mean a private big pile of servers owned and used exclusively by a particular institution. Of course, that's not what these marketing clowns mean when they say It's your cloud! Generally, they mean... absolutely nothing, by this, as far as I can tell. Maybe VLANs at best. The linked article uses the former (non-)meaning, as far as I can tell.
Slashdot Mirror
Wine? Valve are supporting Linux natively!
Well, there is: it's called security.
Start by not using fax, unencrypted email, or ordinary phone-calls.
Of course, GCHQ can probably still just demand information, but at least you know about it in that case.
Sounds a lot like BillPin.
Continuing the Slashdot obtuseness: an iPad will run arbitrary (user-supplied, not-Apple-approved) JavaScript without issue.
Unfortunately there are indeed Muslim countries in which the majority of people support killing apostates, yes. (Afghanistan, for instance.)
That doesn't make Chrisq's bullshit any less unreasonable, though. Muslims in Western countries tend not to be like that.
there is only one somewhat successful app for securing your message and it is called legislation
Nope.
without legislation and treaties they will hack you hardware and pry before you can begin to secure it
A legitimate concern, but that's a technical challenge, not a game-over.
launch man in the middle attacks
That's what proper crypto is for.
hack you software via updates and corrupt compliant software licensor's
Proprietary software vendors in particular. This stuff doesn't seem to happen as much in FOSS, but yes, it is a concern.
and if all that fails, grab you off the street and enhanced interrogation the information out of you or kill you in the process via 'er' natural causes.
No, they won't do this en-masse, as it's a lot of work. Also, even if they do, you'll at least know they really are spying on you individually, which is worth something. This is comparable to laws which require you to hand over crypto keys if asked: yes, they might get to spy on you, but you'll know.
Also, claiming the government is likely to start summarily executing people who use crypto just makes you look silly. No hyperbole is necessary here.
I'm sure you get this all the time, but really: there's no call for the generalisation.
The actual 'scorecard' can be found here. No need to go to extremes and RTFA.
[Snarky comment about sloppy /. submissions.]
The two actually have very little to do with each other.
They have in common all that matters for the point being made, which is that it's surprising that unpaid, unorganised contributors can make something worthwhile, even in the face of vandals/trolls, and on a limited budget.
Wikipedia's imperfections are not relevant here.
But 'the C++ way' can cause cascading release of resources. See this comment below.
As an example: the LLVM project coding standards forbid use of exceptions or RTTI, on the grounds that they cause global performance harm, even if you don't use them. (Whether this is still true of exceptions, I'm not entirely sure.)
Templates can be tremendously useful, but their reputation for binary code-bloat isn't undeserved. Careless use of templates can cause vast amounts of machine-code to be generated. That said, even speed- and size-sensitive applications may find they have a place.
Not really. Which data-structures are immediately available in a language, does matter. Ruby has associative arrays as part of the language, and they're used for all sorts of things despite that traditional arrays would be more efficient. Ruby doesn't care much about efficiency.
On the other hand, up until quite recently the C++ standard-library didn't include a hash-map, so a busy developer might be tempted to just use an array and a linear-scan; that's easier than setting up Google's sparsehash library.
I've never seen this occur myself, but yes, maintaining cyclic data-structures is harder in C/C++ than in GC'ed environments.
shared_ptr, and its related smart ptrs, are generally adequate for fully automatic memory-management, though. Cycles are quite rare in my experience, but of course they do happen.
There's a related point to be made about how it can be difficult to do the algorithmically 'right thing'. Until C++11, you had to use external libraries for hash-maps. What I should've said is that C and C++ are generally quite good at making it clear where something inefficient or expensive is being done, unlike many high-level languages where one creates short-lived intermediate data-structures without even thinking, involving lots of avoidable copies.
Yep, C strings, and strlen, are pretty nasty. Fair point. C does at least make it fairly clear that there's work being done to find the length of a string. (Unlike in, say, Ruby, in which iirc a zero-argument method invocation has the same syntax as member-access.)
C/C++ certainly let you shoot yourself in the foot regarding correctness, but they generally don't make it easy to shoot yourself in the foot regarding performance. (C++ templates, exceptions, and RTTI being exceptions.)
And the fact idiots still use those languages in areas where performance isn't an absolute priority is simple idiocy.
Other legitimate reasons include legacy codebase, existence of useful libraries accessible from only these languages, extreme practical portability (yes you can technically run C# on Android, or Java on iPhone, but it takes proprietary external tools), etc.
Off The Record works even if you never compare device fingerprints, but of course you then have no assurance that you're not being man-in-the-middle'd. (You could detect a man-in-the-middle at a later point if you later compare fingerprints, though.)
It's not really a Unix desktop, it just sits on top of a Unix subsystem, much like how Android sits on top of Linux.
It's true that, say, the package-management isn't very Unix-ey, but there really is a Unix OS under the hood. It's right there in Terminal.app
Try running Unix apps, and it has to start a proper Unix desktop to do so.
Your argument is it doesn't use X11, therefore it's not Unix?
Both GTK and Qt support Mac without use of X11, so practically speaking it matters very little. Anyway, X11 does not define Unix.
I like a quick dig at Google as much as anyone, but what other instances are you referring to?
Well, that's depressing.
I was being facetious; I'm always annoyed by the use of 'digital to mean 'downloaded'.
Video games have always been digital. Music has been digital since CDs. If you mean downloaded, don't just say digital.
given the digital nature of the products
Man, digital software!?
If I transfer a file over a direct ethernet/cat5e connection, between two devices which happen to also be connected to the Internet, I presume that doesn't count as taxable data-transfer.
But it would be taxed if I sent it over the Internet, even if the data never went further than the ISP.
What if we create large mesh-networks, such that commercial ISPs are only necessary for connecting meshes? As the meshes grow, the amount of tax to be paid tends toward zero.
Privacy is not a basic human need. We used to live in caves and huddle together for warmth. There's no privacy there.
Even if that were true, it wouldn't matter. We evolved for life in small tribes, and now live in huge societies. Group dynamics change as scale increases.
Stop judging everyone and then privacy wouldn't matter.
Indeed. In a perfect world where all people are angels, there would be rather less need for privacy.
Also the occasional complete misuse of the buzzwords.
No, Sky, your wi-fi offerings have nothing whatsoever to do with cloud computing.
I might just be rephrasing what WarJolt already said, but: it's not a contradiction.
It's just a lie.
A 'cloud' is a big pile of servers leased out to users. A private cloud therefore should mean a private big pile of servers owned and used exclusively by a particular institution. Of course, that's not what these marketing clowns mean when they say It's your cloud! Generally, they mean... absolutely nothing, by this, as far as I can tell. Maybe VLANs at best. The linked article uses the former (non-)meaning, as far as I can tell.